Cisco Systems WRV54G manual Wireless-G VPN Broadband Router

Page 72

Wireless-G VPN Broadband Router

not completely secure. One piece of information still not encrypted is the MAC address, which hackers can use to break into a network by spoofing (or faking) the MAC address.

Programs exist on the Internet that are designed to defeat WEP. The best known of these is AirSnort. In about a day, AirSnort can analyze enough of the wireless transmissions to crack the WEP key. Just like a dictionary- building attack, the best prevention for these types of programs is by not using static settings, periodically changing WEP keys, SSID, etc.

There are several ways that WEP can be maximized:

a)Use the highest level of encryption possible

b)Use multiple WEP keys

c)Change your WEP key regularly

Current encryption technology offers 64-bit and 128-bit WEP encryption. If you are using 64-bit WEP, swap out your old wireless units for 128-bit encryption right away. Where encryption is concerned, the bigger and more complex, the better. A WEP key is a string of hexadecimal characters that your wireless network uses in two ways. First, nodes in your wireless network are identified with a common WEP key. Second, these WEP keys encrypt and decrypt data sent over your wireless network. So, a higher level of security ensures that hackers will have a harder time breaking into your network.

Setting one, static WEP key on your wireless network leaves your network open the threats even as you think it is protecting you. While it is true that using a WEP key increases wireless security, you can increase it further by using multiple WEP keys.

Keep in mind that WEP keys are stored in the firmware of wireless cards and access points and can be used to hack into the network if a card or access point falls into the wrong hands. Also, should someone hack into your network, there would be nothing preventing someone access to the entire network, using just one static key.

The solution, then, is to segment your network up into multiple groups. If your network had 80 users and you used four WEP keys, a hacker would have access to only ¼ of your wireless network resources. In this way, multiple keys reduce your liability.

Finally, be sure to change your WEP key regularly, once a week or once a day. Using a "dynamic" WEP key, rather than one that is static, makes it even harder for a hacker to break into your network and steal your resources.

Appendix B: Wireless Security

68

What Are The Risks?

Page 71 Page 73
Image 72
Page 71 Page 73
Contents 802 GHz .11g Wireless- G How to Use this Guide Copyright and TrademarksWord definition Table of Contents Wireless Security Frequently Asked QuestionsIntroduction WelcomeWhat’s in this Guide? Wireless-G Broadband VPN Router Planning your Wireless Network Router’s FunctionsIP Addresses What’s an IP Address?Why do I need a VPN? Dhcp Dynamic Host Configuration Protocol ServersDynamic IP Addresses What is a VPN? VPN Router to VPN Router Wireless-G VPN Broadband Router Getting to Know the Wireless-G VPN Broadband Router Back PanelFront Panel DMZConnecting the Wireless-G Broadband Router OverviewWired Connection to a PC Wireless Connection to a PCWireless-G VPN Broadband Router Configuring the PCs Configuring Windows 98 and Millennium PCsConfiguring Windows 2000 PCs PropertiesConfiguring Windows XP PCs Configuring the Router SetupWireless Access Restrictions AdministrationSecurity Applications & GamingHow to Access the Web-based Utility Setup TabBasic Setup Tab Internet SetupStatic Internet Connection Type Optional Settings Required by some ISPs Pptp Internet Connection TypeNetwork Setup Ddns Tab DynDNS.orgMAC Address Clone Tab See Figure Advanced Routing TabMAC Clone Advanced RoutingStatic Routing 10 Routing TableWireless Tab Basic Wireless Settings See FigureWireless Network Wireless Security WEP See FigureWireless Network Access See Figure 13 Wireless Network AccessAdvanced Wireless Settings See Figure 15 Advanced Wireless SettingsSecurity Tab FirewallVPN 18 Manual Key Management 19 Advanced VPN Tunnel Setup WEP Access Restrictions Tab Access Restriction23 Internet Filter Summary Applications and Gaming Tab Port Range ForwardingPort Triggering 27 Port TriggeringUPnP Forwarding 28 UPnP ForwardingDMZ Administration Tab Router PasswordManagement Log UPnPEmail Alert Syslog NotificationDiagnostics Notification Queue LengthAlert Log General Log33 Factory Default Status RouterInformation WAN ConnectionsLocal Network 36 Local Network38 Wireless System PerformanceAppendix a Troubleshooting Common Problems and SolutionsNeed to set a static IP address on a PC Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router TCP UDP Can’t get the Internet game, server, or application to work To start over, I need to set the Router to factory default Need to upgrade the firmwareFirmware upgrade failed, and/or the Power LED is flashing My DSL service’s PPPoE is always disconnecting Power LED flashes continuouslyFrequently Asked Questions Where is the Router installed on the network?Is IPSec Pass-Through supported by the Router? Does the Router support IPX or AppleTalk?What is Network Address Translation and what is it used for? Does the Router support ICQ send file?How can I block corrupted FTP downloads? What is DMZ Hosting? What are the advanced features of the Router?Is the Router cross-platform compatible? How many ports can be simultaneously forwarded?What is the Ieee 802.11g standard? What Ieee 802.11b features are supported?What is ad-hoc mode? What is infrastructure mode?What is ISM band? What is Spread Spectrum?What is DSSS? What is FHSS? And what are their differences? What is WEP?How do I reset the Router? How do I resolve issues with signal loss?Have excellent signal strength, but I cannot see my network Appendix B Wireless Security Brief OverviewWhat Are The Risks? Passive Attacks Jamming Attacks Maximizing Wireless Security Active Attacks Dictionary-Building or Table Attacks Man-in-the-Middle Attacks5SSID 8WEP Wireless-G VPN Broadband Router 4GHz/802.11b and 802.11g WEP Encryption Figure B-2 WEPEnvironment WRV54GHow to Establish a Secure IPSec Tunnel Create an IPSec PolicyBuild Filter Lists Filter List 1 win-routerFilter List 2 router-win Figure C-4 IP Filter ListFigure C-7 IP Filter List Configure Individual Tunnel Rules Tunnel 1 win-routerFigure C-13 Authentication Methods Figure C-16 Tunnel Setting Tab Tunnel 2 router-winFigure C-19 IP Filter List Tab Figure C-22 Preshared Key Assign New IPSec Policy Figure C-25 Connection TypeCreate a Tunnel Through the Web-Based Utility Figure C-28 VPN TabFigure D-1 IP Configuration Screen Windows 98 or Me InstructionsWindows 2000 or XP Instructions Figure D-3 MAC Address/Physical AddressAppendix E Snmp Functions Figure F-1 Upgrade Firmware Appendix F Upgrading FirmwareAppendix G Windows Help Shared ResourcesNetwork Neighborhood/My Network Places Appendix H Glossary Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Wireless-G VPN Broadband Router Appendix I Specifications Transmit Power 19dBm LEDsUp to 54Mbps wireless, up to 100 Mbps LAN Appendix J Regulatory Information FCC StatementFCC Part 68 Statement Safety Notices Appendix K Warranty Information Limited WarrantyAppendix L Contact Information
Top Page Image Contents